Don't Fear Hackers, Just Protect, and Sleep At Night
I just wanted to write a brief post, in light of all the internet hacking and malware that is going on lately. There are some pretty nasty infections going around the web at the moment. But people shouldn't fear them. If you have your security up tight, if you have done all the basics, and follow all the rules, life will go on, and everything will be ok. Most hackers are not actually that intelligent. Granted, there is a handful of extremely bright coders/programmers out there. But you need to know that this is NOT the majority of the crowd out there. The majority of the crowd falls into the category of what we like to call "script kiddies" ...people with zero skills, who download malicious programs from the internet and the darkweb (if they actually survive without getting hacked themselves) and attempt to put them to work.
How do I know this?
Well, for one thing, I manage a whole group of websites, NONE of which have ever been hacked, and not for lack of trying. One of my websites, which is a local Christian radio station website, had been "attempted" to be hacked 4 times in the last week by a single individual, not even counting all the bot attacks that regularly occur, but this individual keeps trying to "log in" (without success). How do I know this? Well, I get notifications of course when someone attempts to log in to the administrative dashboard of any of my sites that I manage. So, you may be curious, just what did they try to use to log in to this particular site with? They tried to use the most common of my many, many email addresses...as a username. If they had any brains at all, they would realize you need to know a real username to get in to a WordPress website, and that a simple email address just won't do it. Not to mention, that of all my email addresses, there is only 1 email that I ever put on the internet anywhere, and that is the one that exists for the sole purpose of registering on websites and collecting all the spam (which of course has 2-step verification turned on also). It's about a 30 year old email address, so it's not hard to get, and because it's used to collect all the spam, I would never use it to register on any of my own stuff with, that would just be stupid. But they keep trying...like they didn't learn the 1st time they failed...and they will probably try again. But they will never GUESS it if that's what they are trying to do, because my passwords are each unique, generic (not actually dictionary words, names, or anything discernible at all) and each has an outrageous number of characters in it. So even if, by some very remote and very rare chance, they actually guessed my username, the password is a whole 'nother story.
But I guess they think they are really smart because they have a VPN (LIKE anyone with any brains should have really) and can change their IP address every time...I don't care if you had a bot, you still wouldn't get it. (Of course a bot or a program would probably have used the same IP for a while until they changed it, so it would get locked out very quickly.)
So you see? Not very bright...likely some teenagers messing around trying their skills, whatever they think they have...either that, or someone with a vendetta against either myself, or Christians in particular.
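As an added illustration (not code from this post or from WordPress), the Python example below runs over constructed failed-login lines and shows why a per-IP lockout stops a bot that hammers from one address but never fires for someone who changes IP on every attempt, while counting distinct IPs per attempted username still surfaces that person. The log format, thresholds and function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a made-up log format (not WordPress's own log output).
SAMPLE_LOG = """\
2024-05-01T02:10:00 login_failed user=spam@example.com ip=192.0.2.10
2024-05-02T03:15:00 login_failed user=spam@example.com ip=198.51.100.7
2024-05-04T01:40:00 login_failed user=spam@example.com ip=203.0.113.22
2024-05-06T04:05:00 login_failed user=spam@example.com ip=192.0.2.99
2024-05-06T09:00:00 login_failed user=admin ip=203.0.113.50
2024-05-06T09:00:05 login_failed user=root ip=203.0.113.50
2024-05-06T09:00:09 login_failed user=test ip=203.0.113.50
"""

LINE_RE = re.compile(r"^(\S+) login_failed user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Return (timestamp, username, ip) for every failed-login line."""
    matches = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return [(datetime.fromisoformat(m[1]), m[2], m[3]) for m in matches if m]

def ip_lockouts(events, max_failures=3, window=timedelta(minutes=10)):
    """IPs with max_failures failed logins inside the window (per-IP lockout)."""
    by_ip = defaultdict(list)
    for ts, _user, ip in events:
        by_ip[ip].append(ts)
    locked = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - max_failures + 1):
            if times[i + max_failures - 1] - times[i] <= window:
                locked.add(ip)
    return locked

def rotating_targets(events, min_ips=3, window=timedelta(days=7)):
    """Usernames tried from >= min_ips distinct IPs inside one window."""
    by_user = defaultdict(list)
    for ts, user, ip in events:
        by_user[user].append((ts, ip))
    flagged = {}
    for user, hits in by_user.items():
        for start, _ in hits:
            ips = {ip for ts, ip in hits if start <= ts <= start + window}
            if len(ips) >= min_ips:
                flagged[user] = max(len(ips), flagged.get(user, 0))
    return flagged

if __name__ == "__main__":
    print(ip_lockouts(parse(SAMPLE_LOG)), rotating_targets(parse(SAMPLE_LOG)))
```

On the sample, only the single-address burst is locked out; the four attempts on one email address from four different IPs show up only in the per-username view.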
So, if you honor the basic code is what I'm saying, the chances are slim you will be in any real danger.
And what are the basics?
- (1) don't use the same password everywhere, and when you choose passwords, the longer the better ...16 characters is considered good these days (let Google remember them and then just put 2-step verification on your Google account and USE IT. )
- And then, of course, if you are using 2-step verification, you have to also put a GOOD screenlock on your cell phone! (right? that's obvious, right?)
- Choose good usernames, don't use admin, don't use your facebook email address, don't use your domain name for a username/login, don't use family's names that are on your public, unprotected Facebook profile to be looked up, don't use your pet's names, put characters in place of normal letters every place you can (@ for a, ! for 1 or I, $ for S, ...you get the picture right?)
- (2) use 2-step verification on important accounts like banks, paypal, web hosting, website admin dashboards, Amazon (because they got hacked once already) and Facebook, and maybe Google also.
- (3) use security software that has a good/decent firewall, whether it's on your own PC or on a website.
- (4) use a good spam blocker for website forms so you don't get X-scripted.
- (5) don't fall for any phishing attempts by opening any emails that you don't know who they are from, and don't open any hyperlinks unless you can mouse over them and see the 'real' link hidden beneath the text. (If you don't understand what I'm saying, read my blog post on phishing and what it looks like here: (actually there are 3 posts, all great)
- (6) And finally: Do regular backups, so that in the rare occasion something or someone 'does' get through, you can quickly undo the damage, and get on with your life. This goes for your personal PC, or your website. I can secure either one for you fairly quickly. The few dollars it will cost you is worth it to sleep at night, isn't it?
And if you are reading this post, and realize that maybe you are not as well protected as you should be, give us a CALL at 805-253-2034 and let us set you up with 1 of our security packages so that you CAN sleep well at night, and laugh at the script kiddies with me.